[wp-trac] [WordPress Trac] #36362: check_ajax_referer() does not send a 403 response code upon failure
WordPress Trac
noreply at wordpress.org
Sun Aug 28 17:30:30 UTC 2016
#36362: check_ajax_referer() does not send a 403 response code upon failure
--------------------------+--------------------------
Reporter: johnbillion | Owner: johnbillion
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 4.7
Component: Security | Version: 3.4
Severity: normal | Resolution: fixed
Keywords: has-patch | Focuses:
--------------------------+--------------------------
Changes (by johnbillion):
* owner: => johnbillion
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"38421"]:
{{{
#!CommitTicketReference repository="" revision="38421"
Security: Return a `403` instead of a `200` HTTP status when
`check_ajax_referer()` fails.
This is, unfortunately, untestable in the current test suite, even in the
AJAX tests.
Fixes #36362
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36362#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
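One consequence of the status change described in the commit message above, as an added example that is not part of the ticket or of WordPress core: once a failed `check_ajax_referer()` returns `403` rather than `200`, the failure is recorded in the web server's access log and can be counted per client. The log lines, the combined log format, the function names and the threshold of 3 are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [28/Aug/2016:17:31:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 403 2 "-" "curl/7.47.0"
203.0.113.7 - - [28/Aug/2016:17:31:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 403 2 "-" "curl/7.47.0"
203.0.113.7 - - [28/Aug/2016:17:31:04 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 403 2 "-" "curl/7.47.0"
198.51.100.20 - - [28/Aug/2016:17:31:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 118 "https://example.test/wp-admin/" "Mozilla/5.0"
198.51.100.20 - - [28/Aug/2016:17:32:10 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 403 2 "https://example.test/wp-admin/" "Mozilla/5.0"
192.0.2.44 - - [28/Aug/2016:17:33:00 +0000] "GET /wp-login.php HTTP/1.1" 403 0 "-" "Mozilla/5.0"
this line is not in combined log format
"""

# client IP, request method, request path and status code of one log line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
AJAX_PATH = "/wp-admin/admin-ajax.php"


def ajax_403_by_client(log_text):
    """Count 403 responses from admin-ajax.php per client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0]  # drop any query string
        # endswith() also covers installs that live in a subdirectory
        if path.endswith(AJAX_PATH) and m.group("status") == "403":
            counts[m.group("ip")] += 1
    return counts


def flag_clients(log_text, threshold=3):
    """Clients with at least `threshold` AJAX 403s (threshold is an assumption)."""
    counts = ajax_403_by_client(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(flag_clients(SAMPLE_LOG))
```

A single `403` is expected from ordinary users whose nonce has expired, and a `403` on this path can also come from server or firewall rules, so the count is a starting point for review and not proof of a failed nonce check.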